This method is invoked by the AuthenticationFilter only if the HTTP client request is
not yet authenticated.

Depending upon the authentication mechanism being implemented, a particular HTTP client may
end up making a sequence of invocations before authentication is successfully established (this is
the case of Kerberos SPNEGO).

This method must return an AuthenticationToken only if the the HTTP client request has
been successfully and fully authenticated.

If the HTTP client request has not been completely authenticated, this method must take over
the corresponding HTTP response and it must return null.

Parameters:

request - the HTTP client request.

response - the HTTP client response.

Returns:

an AuthenticationToken if the HTTP client request has been authenticated,
null otherwise (in this case it must take care of the response).